diff --git a/backport-CVE-2025-7345.patch b/backport-CVE-2025-7345.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4d9da4f9f63c74341c5d324f6acbd1b7d869dc84
--- /dev/null
+++ b/backport-CVE-2025-7345.patch
@@ -0,0 +1,50 @@
+From 4af78023ce7d3b5e3cec422a59bb4f48fa4f5886 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Fri, 11 Jul 2025 11:02:05 -0400
+Subject: [PATCH] jpeg: Be more careful with chunked icc data
+
+We we inadvertendly trusting the sequence numbers not to lie.
+If they do we would report a larger data size than we actually
+allocated, leading to out of bounds memory access in base64
+encoding later on.
+
+This has been assigned CVE-2025-7345.
+
+Fixes: #249
+---
+ gdk-pixbuf/io-jpeg.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
+index 9cfd29718..103820c5a 100644
+--- a/gdk-pixbuf/io-jpeg.c
++++ b/gdk-pixbuf/io-jpeg.c
+@@ -359,6 +359,7 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
+ 		context->icc_profile = g_new (gchar, chunk_size);
+ 		/* copy the segment data to the profile space */
+ 		memcpy (context->icc_profile, marker->data + 14, chunk_size);
++                ret = TRUE;
+ 		goto out;
+ 	}
+ 
+@@ -380,12 +381,15 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
+ 	/* copy the segment data to the profile space */
+ 	memcpy (context->icc_profile + offset, marker->data + 14, chunk_size);
+ 
+-	/* it's now this big plus the new data we've just copied */
+-	context->icc_profile_size += chunk_size;
++        context->icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size);
+ 
+ 	/* success */
+ 	ret = TRUE;
+ out:
++        if (!ret) {
++                g_free (context->icc_profile);
++                context->icc_profile = NULL;
++        }
+ 	return ret;
+ }
+ 
+-- 
+GitLab
+
diff --git a/gdk-pixbuf2.spec b/gdk-pixbuf2.spec
index 5f1eead6fdcdf667af5b245ccc5f76f34fd09ada..74d4e30e9ef3fbd4062d7db5d087988106ff7c3e 100644
--- a/gdk-pixbuf2.spec
+++ b/gdk-pixbuf2.spec
@@ -2,12 +2,14 @@
 
 Name:           gdk-pixbuf2
 Version:        2.42.12
-Release:        1
+Release:        2
 Summary:        gdk is a multi-platform toolkit for creating graphical user interfaces.
 License:        LGPL-2.1-or-later
 URL:            https://gitlab.gnome.org/GNOME/gdk-pixbuf
 Source0:        https://download.gnome.org/sources/gdk-pixbuf/2.42/gdk-pixbuf-%{version}.tar.xz
 
+Patch6001:      backport-CVE-2025-7345.patch
+
 BuildRequires:  docbook-style-xsl
 BuildRequires:  gettext
 BuildRequires:  pkgconfig(gio-2.0) >= %{glib2_version}
@@ -125,6 +127,9 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 %doc %{_datadir}/doc/gdk-pixdata/
 
 %changelog
+* Mon Jul 14 2025 kouwenqi <kouwenqi@kylinos.cn> - 2.42.12-2
+- fix CVE-2025-7345
+
 * Wed Oct 16 2024 Funda Wang <fundawang@yeah.net> - 2.42.12-1
 - update to 2.42.12